Get-aduser by array employeenumber

Question

I'm trying to get the SamAccountName or Name attribute of AD users given by a fixed list of EmployeeNumbers attribute, for which I made an Array, then I want to print all of the SamAccountName attributes on screen to copy them to a web program.

$EmpID=(57885,57718,57806,57607,59281,57790,60097,61103,60552,57862,60698,61321,57730,57402,58546,57871,57886,57669,55878,52052,57811,60106,60741,61050,59279,61053,60735,50718,51459,57805,52343,57716,60618,57908,58356,60619,50937,61204,61099,60517,61015,61123,56078,54103,57947,57861,57991,60547,57915,58559,57010,59285,61003,61016,51620,56383,60621)

foreach($usr in $EmpID){get-aduser -filter "EmployeeNumber -eq '$($usr).EmployeeNumber'" -properties Name}

So I get one of this error for each value in the $EmpID array.

Get-ADUser : No se encuentra ningún parámetro de posición que acepte el argumento 'EmployeeNumber = '60621''.
En línea: 3 Carácter: 2
+ {get-aduser where "EmployeeNumber = '$usr'" -Properties Name}
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADUser

$usr is just the number. So change the filter to employeenumber -eq $usr — Doug Maurer, Aug 09 '20 at 03:50
You need to check which property you try to compare. An ADUser has both `EmployeeNumber` and `EmployeeID`. Both properties are strings. My guessis that you are mixing the two properties because you hav variable `$EmpID`, but try to find the user via property `EmployeeNumber`. Also, prperty `Name` is returned by default whereas you will have to explicitely request for `EmployeeNumber` and/or `EmployeeID` — Theo, Aug 09 '20 at 10:18

score 0 · Accepted Answer · answered Aug 09 '20 at 05:53

Your variable $EmpID only contains a number, there is no "EmployeeNumber" property plus your closing parenthesis is in the wrong spot. You can see the difference by just running this

$EmpID=(57885,57718,57806,57607)
foreach($usr in $EmpID){$usr.employeenumber} # No output

and then this

$EmpID=(57885,57718,57806,57607)
foreach($usr in $EmpID){$usr}

So if you simply change your code to

$EmpID=(57885,57718,57806,57607,59281,57790,60097,61103,60552,57862,60698,61321,57730,57402,58546,57871,57886,57669,55878,52052,57811,60106,60741,61050,59279,61053,60735,50718,51459,57805,52343,57716,60618,57908,58356,60619,50937,61204,61099,60517,61015,61123,56078,54103,57947,57861,57991,60547,57915,58559,57010,59285,61003,61016,51620,56383,60621)

foreach($usr in $EmpID){get-aduser -filter "EmployeeNumber -eq '$usr'" -properties Name}

It should work fine. The way you're calling it now would require $EmpID to have objects with an EmployeeNumber property. Let's say you had a CSV with a single column and the header is EmployeeNumber. The following would be valid.

$EmpID = Import-CSV $somecsvfile

foreach($usr in $EmpID){get-aduser -filter "EmployeeNumber -eq '$($usr.EmployeeNumber)'" -properties Name}

Note the subexpression surrounds both the variable and the property name.

Great, it worked, strange thing happened while running it on PowerShell ISE, with powershell 5.1.17134.112 Runned the script 2 times and didn't got any result, nothing, not even errors. 3th time it worked just fine, getting all results. — Salvador, Aug 09 '20 at 12:33
Why do you say _"there is no "EmployeeNumber" property"_? An ADUser has **both** [EmployeeID and EmployeeNumber attributes](https://social.technet.microsoft.com/wiki/contents/articles/12037.active-directory-get-aduser-default-and-extended-properties.aspx) — Theo, Aug 13 '20 at 10:38
He is refering to my variable $EmpID, it's just a number, has no employeenumber property. — Salvador, Aug 13 '20 at 15:07

score -1 · Answer 2 · answered Aug 09 '20 at 10:36

As commented, an AD user has properties EmployeeID and EmployeeNumber (both defined as string). Your question and code reveal you are mixing those two properties, so you need to check thoroughly first which of the two properties you need to use.

Then some remarks about your code:

the $EmpID array definition does not need brackets and can be split up to multiple lines for clarity
the code shows you use Get-ADUser -Filter .., but the error message you show doesn't. There it reveals the usage of Where-Object with a wrong clause in which you are trying to assign something to another thing via the = operator.
the code does not check if it actually could find a user with that EmployeeNumber or EmployeeID. If this would work at all, it would not output what you intend to receive, which seems to be the SamAccountName only,

Below code assumes you are using the EmployeeID property, but you need to check if this should not be EmployeeNumber

$EmpID= 57885,57718,57806,57607,59281,57790,60097,61103,60552,57862,60698,61321,57730,57402,
        58546,57871,57886,57669,55878,52052,57811,60106,60741,61050,59279,61053,60735,50718,
        51459,57805,52343,57716,60618,57908,58356,60619,50937,61204,61099,60517,61015,61123,
        56078,54103,57947,57861,57991,60547,57915,58559,57010,59285,61003,61016,51620,56383,60621

$result = foreach($id in $EmpID) {
    $user = Get-ADUser -Filter "EmployeeID -eq '$id'" -Properties EmployeeID, EmployeeNumber -ErrorAction SilentlyContinue
    if ($user) {
        # output the user property you want to store in the $result array
        $user.SamAccountName  # your question wants SamAccountName only..
    }
    else {
        Write-Warning "User with EmployeeID '$id' does not exist"
    }
}

# now you have an array with user SamAccountNames

# output on screen
$result

Thanks for the help, in this case i know all ID are positive results that's why i didn't considered that they could not be there. — Salvador, Aug 09 '20 at 12:36

Get-aduser by array employeenumber

2 Answers2